Installing custom WPK package¶
1. Install the root CA into the agent¶
The root CA certificate, or failing that, the certificate used to sign the WPK package, must be installed in the agent before running an upgrade.
You have two options:
Overwrite the shipped root CA with your certificate. This will prevent your agent from upgrading using WPK packages from Wazuh.# cp /path/to/certificate etc/wpk_root.pem
Add a new certificate by editing the ossec.conf file:<active-response> <ca_store>/var/ossec/etc/wpk_root.pem</ca_store> <ca_store>/path/to/certificate</ca_store> </active-response>
2. Run the upgrade¶
Get the WPK package into the Wazuh manager and run:
# /var/ossec/bin/agent_upgrade -a 001 -f path/to/myagent.wpk -x upgrade.sh
-a 001 specifies the agent to upgrade.
-f path/to/myagent.wpk is the path to the WPK package.
-x upgrade.sh is the name of the upgrading script contained in the package.
Sending WPK: [=========================] 100% Installation started... Please wait. Agent upgraded successfully